1. Field of the Invention
The present invention relates to a system and method for updating user identifiers (IDs), and more particularly, to a method and system for dynamically creating and updating user identifiers (IDs) shared between systems according to system security environments.
2. Description of the Related Art
Along with development and expansion of the Internet, electronic commerce is rapidly becoming a common feature of ever life. A user gets memberships of various service provider servers and thus receives services provided from the service provider servers. If a user requests a subscription to a service provider server, the service provider server requests the user to register an identifier (ID) and a password, validates a user authorization using the ID and password registered by the user and then provides services to the user. Many users have so many user IDs and passwords that they cannot correctly remember all their IDs and passwords. Accordingly, many systems provide a function for integrating and managing user's IDs and passwords.
Korean Patent Application No. 10-2000-0030890, entitled “The Method for Managing ID and Password”, discloses a function for preventing a user from forgetting his/her IDs and passwords by enabling the user to integrate and manage his/her IDs and passwords registered on various service provider servers. However, in the Korean Patent Application No. 10-2000-0030890, the user must obtain an authentication from each service provider server whenever he/she accesses one of the service provider servers to use services thereof, which causes inconvenience when the user has registered on many service provider servers.
Recently, a Single Sign-On (SSO) technique has been developed in which additional authentications are unnecessary once a user obtains an authentication from one of his/her subscribed service provider servers. A “Passport” system created by Microsoft Corporation is an example of an SSO on the Internet. In the “Passport” system, a single service provider server manages user IDs, and other service provider servers are federated with the server provider server managing the user IDs. However, since user IDs and passwords are centrally managed by a service provider server of Microsoft Corporation, users are worried about privacy protection.
In order to resolve this privacy protection issue, the Liberty Alliance Group has defined a so-called “Federated Name Identifier” method, in which service provider severs, each managing user IDs and passwords, are federated with each other through an agreement and provide an SSO to users. The method assigns randomly created user IDs to the users without using the users' actual IDs and manages the encoded user IDs. That is, when a user accesses a service provider server SP in order to use services of the service provider server SP after he/she obtains an authentication through his/her ID from an ID service provider server IDSP, the ID service provider server IDSP transmits a pre-stored user ID for the service provider server SP to the service provider server SP.
The service provider server SP confirms through the user ID transmitted from the ID service provider server IDSP a fact that the user obtains an authentication, thereby requiring no further authentication for the user. In this case, the user ID transmitted to the service provider server SP is a randomly encoded user ID.
The Liberty Alliance Group defines a method for creating user IDs, but has no definition regarding when or under which circumstances user IDs should be updated. If system or user ID information is hacked, the user ID must be instantly updated. Also, in circumstances where unauthorized access attempts on a system are frequent, associated user IDs must be frequently updated in order to ensure security.